On Wed, Feb 17, 2016 at 08:08:26AM -0600, Tom Browder wrote:
I have several remote Debian 7 servers and would like to secure it in the following manner: 1. root will not be allowed any external access (access is only via a user becoming root while logged in)
Ensure all users who may be allowed super-user access are in /etc/sudoers. Then run "sudo passwd -l". This will LOCK the password for root (that is, set the encrypted password to a value which cannot be matched. Additionally, the locked password may not be changed).
In this manner, root cannot be logged into directly, but users can still elevate to root by using sudo.
2. after initial setup, no ssh access will be allowed via a password
$ echo "PasswordAuthentication No" | sudo tee -a /etc/ssh/sshd_config $ sudo service ssh restart
I have seen much documentation on securing such a host, but I don't want to be an expert--I just need a recipe. Many thanks. Best regards, -Tom
-- For more information, please reread.
Attachment:
signature.asc
Description: PGP signature